Summary: | <dev-libs/opensc-0.11.7 Improper access restrictions (CVE-2009-0368) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | crypto+disabled, gengor |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://thread.gmane.org/gmane.comp.encryption.opensc.announce/22 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-02-27 13:56:14 UTC
opensc-0.11.7.ebuild target "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86" if you don't have smartcards I don't either. there have been numerous reports of this package working and I reasonably trust the upstream devs. Sparc stable. ppc64 done CVE-2009-0368 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0368): OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. ppc stable alpha/arm/ia64/s390/sh/x86 stable amd64 stable hppa stable glsa vote: YES Yes, too. Request filed. dev-libs/opensc-0.11.8 has been stabilized on m68k due to bug #269920. GLSA 200908-01, thanks everyone. |